Dell Force10 S4810P Configuration Manual page 766
High-density, 1ru 48-port 10gbe switch
Hide thumbs
Also See for Force10 S4810P:
- Manual (60 pages) ,
- Quick start manual (27 pages) ,
- Reference manual (1637 pages)
Table of Contents
Advertisement
•
Configuring IPsec Authentication for an OSPFv3 Area
•
Configuring IPsec Encryption for an OSPFv3 Area
•
Displaying OSPFv3 IPsec Security Policies
Configuring IPsec Authentication on an Interface
Prerequisite: Before you enable IPsec authentication on an OSPFv3 interface, you must first enable IPv6
unicast routing globally, configure an IPv6 address and enable OSPFv3 on the interface, and assign it to an
area (see
To configure IPsec authentication on an interface, enter the following command:
Command Syntax
ipv6 ospf authentication { null |
ipsec spi number { MD5 | SHA1 }
[key-encryption-type] key}
An SPI value must be unique to one IPsec security policy (authentication or encryption) on the router . You
must configure the same authentication policy (same SPI and key) on each OSPFv3 interface in a link.
To remove an IPsec authentication policy from an interface, enter the
command. To remove null authentication on an interface to allow the interface to inherit the
number
authentication policy configured for the OSPFv3 area, enter the
To display the configuration of IPsec authentication policies on the router, enter the
command. To display the security associations set up for OSPFv3 interfaces in authentication
policy
policies, enter the s
766
|
Open Shortest Path First (OSPFv2 and OSPFv3)
Configuration Task List for OSPFv3 (OSPF for
Command Mode
INTERFACE
how crypto ipsec sa ipv6
IPv6)).
Usage
Enable IPsec authentication for OSPFv3 packets on an
IPv6-based interface, where:
null causes an authentication policy configured for the
area to not be inherited on the interface.
ipsec spi number is the Security Policy index (SPI)
value. Range: 256 to 4294967295.
MD5 | SHA1 specifies the authentication type:
Message Digest 5 (MD5) or Secure Hash
Algorithm 1 (SHA-1).
key-encryption-type
encrypted. Valid values : 0 (key is not encrypted) or 7
(key is encrypted) .
key specifies the text string used in authentication. All
neighboring OSPFv3 routers must share the same key to
exchange information.
For MD5 authentication, the key must be 32 hex digits
(non-encrypted) or 64 hex digits (encrypted).
For SHA-1 authentication, the key must be 40 hex digits
(non-encrypted) or 80 hex digits (encrypted).
no ipv6 ospf authentication null
command.
(optional) specifies if the key is
no ipv6 ospf authentication ipsec spi
show crypto ipsec
command.
Advertisement
Table of Contents
Troubleshooting
